The opinion in support of the decision being entered today was 
not written for publication and is not binding precedent of the 
Board. 
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ON BRIEF 



Before KRASS, JERRY SMITH and RUGGIERO, Administrative Patent 
Judges . 

RUGGI ERO , Administrative Patent Judge . 



This is a decision on the appeal from the final rejection of 
claims 1-2 6, which are all of the claims pending in this 
application. 

The disclosed invention relates to a system and method for 
implementing a computer network firewall by applying a security 
policy represented by a set of access rules for a given 
communication packet. 
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Claim 1 is illustrative of the invention and reads as 
follows : 

1. A method for validating a packet in a computer network, 
comprising the steps of: 

deriving a session key for said packet; 

selecting at least one of a plurality of security policies 
as a function of the session key, wherein a security policy 
comprises multiple rules; and 

using the selected at least one of the security policies in 
validating said packet. 

The Examiner relies on the following prior art: 

Shwed (Shwed *668) 5,606,668 Feb. 25, 1997 

Shwed et al. (Shwed x 726) 5,835,726 Nov. 10, 1998 

(filed Jun. 17, 1996) 

Claim 1-2 6, all of the appealed claims, stand finally 
rejected under 35 U.S. C. § 102(e) as being anticipated by Shwed 
x 726. Claims 1-26 also stand finally rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Shwed '668. 

Rather than reiterate the arguments of Appellants and the 
Examiner, reference is made to the Briefs 1 , the final Office 
action, and Answer for the respective details. 

1 The Appeal Brief was filed July 14, 2005 in response to the 
final Office action mailed December 21, 2004. In response to the 
Examiner's Answer mailed October 6, 2005, a Reply Brief was filed 
December 9, 2005, which was acknowledged and entered by the Examiner as 
indicated in the communication mailed January 18, 2006. 
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OPINION 

We have carefully considered the subject matter on appeal, 
the rejections advanced by the Examiner, and the evidence of 
anticipation and obviousness relied upon by the Examiner as 
support for the rejections. We have, likewise, reviewed and 
taken into consideration, in reaching our decision, Appellants' 
arguments set forth in the Briefs along with the Examiner's 
rationale in support of the rejections and arguments in rebuttal 
set forth in the Examiner's Answer. 

It is our view, after consideration of the record before us, 
that the Shwed '72 6 reference does not fully meet the invention 
as set forth in claims 1-2 6. With respect to the Examiner's 
35 U.S.C. § 103(a) rejection based on Shwed x 668, we are also of 
the view that the evidence relied upon and the level of skill in 
the particular art would not have suggested to one of ordinary 
skill in the art the invention as recited in claims 1-2 6. 
Accordingly, we reverse. 

We consider first the rejection of claims 1-2 6 under 
35 U.S.C. § 102(e) as being anticipated by Shwed *726. 
Anticipation is established only when a single prior art 
reference discloses, expressly or under the principles of 
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inherency, each and every element of a claimed invention as well 
as disclosing structure which is capable of performing the 
recited functional limitations. RCA Corp. v. Applied Digital 
Data Systems, Inc. , 730 F.2d 1440, 1444, 221 USPQ 385, 388 (Fed. 
Cir.); cert, dismissed , 468 U.S. 1228 (1984); W.L. Gore and 
Associates, Inc. v. Garlock, Inc. , 721 F.2d 1540, 1554, 220 USPQ 
303, 313 (Fed. Cir. 1983), cert, denied , 469 U.S. 851 (1984). 

With respect to the appealed independent claims 1, 17, and 
22, the Examiner attempts to read the various limitations on the 
disclosure of Shwed x 726. In particular, the Examiner (final 
Office action, pages 3 and 4) points to various portions of 
columns 2, 3, and 14 of the disclosure of Shwed x 726. 

Appellants' arguments in response assert that the Examiner 
has not shown how each of the claimed features are present in the 
disclosure of Shwed '72 6 so as to establish a case of 
anticipation. Appellants' arguments (Brief, pages 4-7; Reply 
Brief, pages 2 and 3) primarily focus on the contention that, in 
contrast to the claimed invention, Shwed '72 6 does not provide 
for the selection of w at least one of a plurality of security 
policies" for validating a data packet "wherein a security policy 
comprises multiple rules." 
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After reviewing the Shwed '72 6 reference in light of the 
arguments of record, we are in general agreement with Appellants' 
position as stated in the Briefs. In particular, we agree with 
Appellants that Shwed '726, at best, provides for the placement 
of a given security policy into a packet filter at a network 
node, i.e., there is no selection from among plural security 
policies dependent on a session key as claimed. While we agree 
with the Examiner that the claim language "selecting at least 
one" requires only the selection of one policy, the entirety of 
this clause in the claims requires that this selection be from "a 
plurality of security policies," a feature we find absent from 
the disclosure of Shwed '726. 

In view of the above discussion, since all of the claim 
limitations are not present in the disclosure of Shwed '726, we 
do not sustain the Examiner's 35 U.S.C. § 102(e) rejection of 
independent claims 1, 17, and 22, nor of claims 2-7, 18-21, and 
2 3-26 dependent thereon. 

We also do not sustain the Examiner's 35 U.S.C. § 102(e) 
rejection, based on Shwed '726, of independent claims 8 and 12 
and their dependent claims 9-11 and 13-15. These claims set 
forth the previously discussed security policy selection feature 
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using slightly different terminology. These claims require the 
designation of a plurality of independent security policies and 
the determination of which of the security policies is 
appropriate for a particular data packet, a feature missing from 
Shed '72 6 as discussed supra . 

Turning to a consideration of the Examiner's 35 U.S.C. 
§ 102(e) rejection, based on Shwed '726, of independent claim 16, 
we sustain this rejection as well. Independent claim 16 is 
directed to the feature of, in a plural administrator/plural 
domain environment, permitting only the administrator for a given 
domain to modify security policy rules for that particular 
domain. While we recognize that the Examiner (Answer, page 8) 
has cited several passages from Shwed x 72 6 which perhaps suggest 
that plural administrators for plural domains exist in the system 
of Shwed x 726, we find no disclosure which would satisfy the 
specific administrator rule modification restriction set forth in 
claim 16. 

Lastly, we also do not sustain the Examiner's separate 35 
U.S.C. § 103(a) rejection of appealed claims 1-26 based on Shwed 
'668. We agree with Appellants (Brief, pages 9 and 10; Reply 
Brief, pages 4 and 5) that Shwed x 668 suffers from the same 
deficiencies as previously discussed with regard to Shwed x 726. 
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As pointed out by Appellants, Shwed x 668 merely applies a given 
security policy set of rules, as programmed into a packet filter 
at a system node by an administrator, to validate an incoming 
data packet. In other words, there is no selection of a security 
policy from a plurality of security policies as function of a 
session key as set forth in appealed claims 1-15 and 17-2 6. In 
addition, similar to the above-discussed deficiency in Shwed 72 6, 
we find no disclosure in Shwed x 668 which would satisfy the 
claimed administrator rule modification restriction of appealed 
claim 16. 

In summary, we have not sustained either of the Examiner's 
rejections of the claims on appeal. Therefore, the decision of 
the Examiner rejecting claims 1-2 6 is reversed. 
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REVERSED 




ERROL A. KRASS 
Administrative Patent Judge 




JERRY SMITH 

Administrative Patent Judge 



BOARD OF PATENT 

APPEALS 
AND INTERFERENCES 



/JOSEPH F. RUGGIERO 
Administrative Patent Judge 



JFR/kis 
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